Insecurity has reached a new level when end users can have their online identities stolen by people scooping up data created to take advantage of the same users in a different way. Especially if they thought that exact risk had been squashed three or four years ago.

"Cookiejacking" is the newest exploit to highlight a ludicrous flaw in Internet Explorer."

Valotta told Reuters the technique could get credentials for any web site or any cookie without using cros-site-scripting (XSS), which many security apps shut down automatically.

FaceBook, Google and other popular online services made security tighter during the past few months by, among other things, making sure login information wasn't stored unencrypted in cookie files as they once were for some.

You also have to salt a web page with an iFrame that looks like a clickable part of the UI, but has code behind it for a content-extracting clickjacking technique. When the user clicks and drags the visible part of the frame, a hidden frame grabs live-session cookie data from the cookie file.

Valotta provides a little video of the cookiejacking in action, as well as detailed descriptions.

A Microsoft spokesman told Reuters that the series of actions necessary to make a successful cookiejacking made the risk to average consumers a small one.